GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time...
Moderate
Unreviewed
CVE-2023-21249
was published
Jul 13, 2023
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables...
Moderate
Unreviewed
CVE-2023-2818
was published
Jun 27, 2023
A valid, authenticated user with limited privileges may be able to use specifically crafted web...
Moderate
Unreviewed
CVE-2023-2993
was published
Jun 26, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
vantage6 vulnerable to Improper Preservation of Permissions
Moderate
CVE-2023-22738
was published
for
vantage6
(pip)
Feb 28, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this...
Moderate
Unreviewed
CVE-2022-48296
was published
Feb 9, 2023
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to...
Moderate
Unreviewed
CVE-2022-4326
was published
Dec 21, 2022
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not...
Moderate
Unreviewed
CVE-2022-47547
was published
Dec 19, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
Moderate
CVE-2022-44020
was published
for
sushy-tools
(pip)
Oct 30, 2022
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access...
Moderate
Unreviewed
CVE-2022-41708
was published
Oct 20, 2022
fhir-works-on-aws-authz-smart handles permissions improperly
Moderate
CVE-2022-39230
was published
for
fhir-works-on-aws-authz-smart
(npm)
Sep 21, 2022
Shopware access control list bypassed via crafted specific URLs
Moderate
CVE-2022-36102
was published
for
shopware/shopware
(Composer)
Sep 16, 2022
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of...
Moderate
Unreviewed
CVE-2022-2787
was published
Aug 28, 2022
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because...
Moderate
Unreviewed
CVE-2022-32969
was published
Jun 30, 2022
Improper validation of permissions for third party application accessing Telephony service API...
Moderate
Unreviewed
CVE-2021-35079
was published
Jun 15, 2022
The communication module has a vulnerability of improper permission preservation. Successful...
Moderate
Unreviewed
CVE-2022-31755
was published
Jun 14, 2022
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with...
Moderate
Unreviewed
CVE-2021-39897
was published
May 24, 2022
In updateNotification of BeamTransferManager.java, there is a missing permission check. This...
Moderate
Unreviewed
CVE-2021-0542
was published
May 24, 2022
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker...
Moderate
Unreviewed
CVE-2021-22382
was published
May 24, 2022
A ZTE product has an information leak vulnerability. Due to improper permission settings, an...
Moderate
Unreviewed
CVE-2021-21735
was published
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate
CVE-2021-22137
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
If certificates that signed grub are installed into db, grub can be booted directly. It will then...
Moderate
Unreviewed
CVE-2021-3418
was published
May 24, 2022
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC...
Moderate
Unreviewed
CVE-2021-23963
was published
May 24, 2022
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow...
Moderate
Unreviewed
CVE-2020-12353
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API